Cross-site scripting (XSS) is one of the most common ways
hackers attack websites. XSS vulnerabilities permit a malicious user to
execute arbitrary chunks of JavaScript when other users visit your site.

XSS is the most common publicly reported security vulnerability, and part of
every hacker’s toolkit.

Risks

Prevalence: Rare
Exploitability: Easy
Impact: Harmful

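DOM-based XSS attacks have all the risks associated with the other types of
XSS attack, with the added bonus that they are impossible to detect from the
server side: the browser never sends the URI fragment to the server, so the
injected content does not appear in any request the server can inspect or log.
Any page that uses URI fragments is potentially at risk from XSS attacks.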
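
The fragment handling described above, shown as an added example that is not part of the original page: the vulnerable pattern writes the fragment into an HTML sink, and two hardened forms follow it. The function names, the section allowlist and the sample fragments are assumptions constructed for illustration.

```javascript
// Added example, not code from the original page. All names and the
// section allowlist below are hypothetical.

// Return the decoded text after "#", tolerating malformed percent-encoding.
function fragmentValue(hash) {
  const raw = String(hash || "").replace(/^#/, "");
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return ""; // malformed encoding: treat as empty instead of throwing
  }
}

// Vulnerable pattern: the fragment is assigned to innerHTML, so the
// browser parses whatever markup the URL carries.
function renderUnsafe(el, hash) {
  el.innerHTML = "Section: " + fragmentValue(hash);
}

// Hardened: textContent never parses markup, so the value stays inert text.
function renderSafe(el, hash) {
  el.textContent = "Section: " + fragmentValue(hash);
}

// Stricter still: accept only fragment values from a fixed allowlist and
// fall back to a default for anything else.
const ALLOWED_SECTIONS = new Set(["overview", "pricing", "contact"]);
function resolveSection(hash) {
  const value = fragmentValue(hash);
  return ALLOWED_SECTIONS.has(value) ? value : "overview";
}

// Browser wiring (assumes an element with id "title" exists):
// window.addEventListener("hashchange", () =>
//   renderSafe(document.getElementById("title"), location.hash));
```

Because none of this is visible to the server, the check has to live in the client-side code that reads `location.hash`.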